[Freeipa-users] HBAC access denied, all AD groups not detected
Lachlan Musicman
datakid at gmail.com
Tue May 17 22:35:14 UTC 2016
Hmmm, I also now see
https://fedorahosted.org/sssd/ticket/2642
and
https://bugzilla.redhat.com/show_bug.cgi?id=1217127
Versions being run:
sssd-client-1.13.0-40.el7_2.4.x86_64
sssd-ad-1.13.0-40.el7_2.4.x86_64
sssd-proxy-1.13.0-40.el7_2.4.x86_64
sssd-1.13.0-40.el7_2.4.x86_64
sssd-common-1.13.0-40.el7_2.4.x86_64
sssd-common-pac-1.13.0-40.el7_2.4.x86_64
sssd-ipa-1.13.0-40.el7_2.4.x86_64
sssd-ldap-1.13.0-40.el7_2.4.x86_64
python-sssdconfig-1.13.0-40.el7_2.4.noarch
sssd-krb5-common-1.13.0-40.el7_2.4.x86_64
sssd-krb5-1.13.0-40.el7_2.4.x86_64
ipa-server-trust-ad-4.2.0-15.0.1.el7.centos.6.1.x86_64
------
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
On 17 May 2016 at 22:34, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Tue, May 17, 2016 at 03:08:37PM +1000, Lachlan Musicman wrote:
> > FWIW,
> >
> > We are seeing the issues that are described here:
> >
> >
> https://www.redhat.com/archives/freeipa-users/2015-December/msg00046.html
> >
> > I was about to write when I found this, it explains exactly what I am
> > seeing - right down to the "impossible to reproduce because it's so
> > (seemingly) random".
> >
> >
> > I am about to read up on the SSSD trouble shooting in order to up the
> logs
> > &etc, but here is some output I can share - note that this all happened
> in
> > ~5 minutes. As you can see, clearing the cache has various unpredictable
> > effects. Both users should return the same list of groups. This was
> > performed on a FreeIPA client.
>
> There were some bugs related to external groups, what server and client
> packages version are you running?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160518/31d69e04/attachment.htm>
More information about the Freeipa-users
mailing list